ABSTRACT 



A method for providing system management services to a 
customer's network of target computers through a commu- 
nications network is described. Service subscribers have at 
least one target computer system. Each target computer 
system has a hardware configuration and a software con- 
figuration. An agent process is hosted on at least one target 
computer system of each subscriber. Each agent communi- 
cates with a centralized control server through a communi- 
cation link. The control server manages the hardware or 
software configurations of the target computer systems 
through the server. By centralizing the resources for man- 
aging the computing resources of several subscribers at a 
single control server, the need for redundant management 
resources at each subscriber is reduced or eliminated. A 
method for providing a customer system management infor- 
mation in response to receiving information about the cus- 
tomer's target computer system is also described. 

63 Claims, 4 Drawing Sheets 

METHOD AND APPARATUS FOR 
MONITORING COMPUTER SYSTEMS AND 
ALERTING USERS OF ACTUAL OR 
POTENTIAL SYSTEM ERRORS 

BACKGROUND 

Large networks of computers, particularly those which 
share common hardware components and software 
applications, are typically administered centrally. As these 
networks grow in size and complexity, it becomes increas- 
ingly difficult for system users (including system 
administrators) to determine whether and how additions of 
new software or hardware will affect the existing hardware 
and software used by the system. Additionally, it becomes 
more difficult to determine when upgraded versions of 
existing software are available and compatible with the 
existing system. Lastly, the increasing complexity of net- 
worked systems makes it more difficult to investigate 
defects, software dependencies or conflicts, or information 
critical to the operation of existing software and hardware. 
In such complex systems, software dependencies are par- 
ticularly problematic, as many different software applica- 
tions may scan the same system files for data or software 
code to enable basic or enhanced functionality or write (and 
overwrite) data to the same system files. As a result, system 
users typically treat system files as unalterable "black 
boxes," limiting system flexibility. 

Existing system monitoring and management tools, such 
as the Hewlett-Packard Company's Openview system or the 
Computer Associates International, Inc.'s Unicenter 
systems, employ agents running on target computer systems. 
These systems rely on an agent, or software process, which 
runs on the target computer systems to collect configuration, 
diagnostic, frequency of use and other information about 
the target computer systems and relay it to a centralized 
station. From this station, 
a system administrator can review the information and take 
appropriate actions. 

As described in U.S. Pat. No. 5,933,646 to Hendrickson 
et al., target computer systems commonly have numerous 
installed software packages which can be enabled, disabled, 
installed or removed. A configuration database stores infor- 
mation associated with each of these software packages, 
including information indicating whether the software pack- 
age is enabled, the location of the software package within 
a hierarchical filing structure and a dependency listing 
(showing the interdependencies between the software pack- 
age and other software packages on the target computer 
systems or system files) for each software package. A 
software manager server supports a software manager 
graphical user interface (GUI) which permits a system 
administrator to view the contents of the configuration 
database. The software manager also carries out 
administrator-specified changes to the system and amends 
the configuration database to reflect the changes. 

"Inside TCP/IP," by Matthew Flint Arnett et al. (New 
Riders Publishing, Indianapolis, Ind. 1994) further describes 
management of networked computer systems. Specifically, 
it describes the use of simple network management protocol 
(SNMP) agents to monitor target computer systems. The 
SNMP agents send error trap messages to a SNMP manager 
when measured system parameters exceed a threshold value. 
The SNMP manager may present the error trap signals to a 
system administrator. The system administrator may set the 
threshold values at which SNMP traps are triggered. 

The network of target computer systems may be a local 
area network (LAN) arranged in a star, bus or ring topology. 
Network communication priority may be handled according 
to either the Ethernet or token ring protocols. In an Ethernet 
LAN, a transmitting station monitors the network transmis- 
sion channel to determine if it is busy and transmits only 
after the transmission channel is not busy. In a token ring 
LAN, communication priority is passed from one station to 
the next and a station must have priority before it can 
transmit a message. Network communications can follow 
the TCP/IP protocol in which messages are divided into 
discrete "packets" of information which are addressed to 
particular receiving addresses. 

The configurations of target computers in a customer 
network are typically monitored by a single dedicated sys- 
tem administrator. As changes to the existing software 
packages are made, old software packages are removed from 
the target computers or new software packages are added to 
the target computers, the system administrator must typi- 
cally change its configuration database in response. Such a 
process of updating a configuration database incurs signifi- 
cant cost to operating and maintaining the network. 

SUMMARY 

Generally, an embodiment of the present invention is 
directed to a method and system for managing a network of 
target computers. Another embodiment of the invention is 
directed to agents for collecting configuration, diagnostic, 
frequency of use or other information from the target com- 
puter system and transmitting the collected information to a 
central control server. The control server receives the infor- 
mation and accesses relevant information from a database of 
software information. The control server then formats and 
transmits this information to the agent. The agent may act on 
the information directly or may display the information to a 
user through a management tool GUI. 

Another embodiment of the present invention is directed 
to a method of providing system management services to a 
network of target computers including the steps of enrolling 
customers to receive computer system management services 
for a fee, receiving information about the customer network 
from agents associated with target computer systems, com- 
paring the target computer system information with software 
and hardware information stored in a database and trans- 
mitting that information to the customer. 

DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a signal flow diagram illustrating the major 
components of the system for monitoring target computer 
systems and communicating software information to target 
computer system users. 

FIG. 2A is a flow chart diagram illustrating transmission 
of target computer system information from an agent to the 
control server. 

FIG. 2B is a flow chart diagram illustrating reception of 
information by an agent from the control server and action 
upon the received information. 

FIG. 3 illustrates a set of sample records in the knowledge 
base (KB). 

FIG. 4 shows a dependency tree diagram illustrating 
direct and indirect dependencies. 

DETAILED DESCRIPTION 

Embodiments of the present invention relate to providing 
a management service to a plurality of subscribers having at 
least one target computer system. Each target computer 
system has a hardware configuration and a software con- 
figuration. An agent process is hosted on at least one target 
computer system of each subscriber. Each agent communi- 
cates with a centralized control server through a communi- 
cation link. The control server manages the hardware or 
software configurations of the target computer systems 
through the server. By centralizing the resources for man- 
aging the computing resources of several subscribers at a 
single control server, the need for redundant management 
resources at each subscriber is reduced or eliminated. 

As shown in the drawings for purposes of illustration, 
embodiments of the present invention are directed to a 
method and system for managing a network of target com- 
puters. The term target computers is not limited solely to 
computers per se and may include, without limitation, other 
processor-based devices or network-communicating hard- 
ware components, such as printers, servers, terminals, 
copiers, fax machines, mobile/wireless telephones and Inter- 
net telephones. 

FIG. 1 illustrates the network topology according to an 
embodiment of the present invention. A customer site con- 
sists of a plurality of target computer systems 1a to 1n. The 
target computers are connected with a network management 
server 17. Each target computer system may be associated 
with a dedicated agent processor 2 that runs a process known 
as an "agent". The customer network may also include a 
separate Web server 16. In alternate embodiments, the Web 
server 16, the agent and the network management server 17 
need not be hosted on dedicated platforms. For example, 
instances of the agent may reside on each of the target 
computer systems. Customer network communications link 
3 allows information to be transmitted among the target 
computers 1a to 1n, network management server 17, dedi- 
cated agent processor 2 and other components (not shown) 
of the customer network, e.g., shared hardware components 
such as a printer server and printer. The customer network 
may be a local area network (LAN), metropolitan area 
network (MAN), wide area network (WAN) or any other 
type of computer network and may use any network 
implementation, including, for example, the Ethernet, 
ARCnet, Token Ring implementations. Information commu- 
nicated over the customer network communications link 
may conform to any data communications protocol, includ- 
ing TCP/IP, IPX/SPX, NetBios and AppleTalk. Customer 
network communications link 3 may consist of a wire line 
(such as twisted-pair telephone wire, coaxial cable, electric 
power line, optical fiber wire, leased line or the like) or 
wireless (such as satellite, cellular, radio frequency or the 
like) connection. 

FIG. 1 depicts an embodiment of the invention in which 
a single agent resides on a dedicated agent processor 2 
separate from the other nodes of the network. In other 
embodiments of the invention, an agent process may reside 
on a target computer 1a to 1n, the Web server 16 or the 
network server 17 and the customer network may include 
several agents. An agent may reside on an associated target 
computer or on a separate computer electronically or 
remotely associated with the target computer. The agent in 
the illustrated embodiment can either be associated with a 
single target computer or a plurality of target computers. 
Therefore, the agent may be a distributed process in a system 
with multiple target computers. In an embodiment of the 
invention, the agent communicates with a control server 4 
according to a TCP/IP protocol (or other available protocol) 
using techniques known to those of ordinary skill in the art. 
Furthermore, although FIG. 1 depicts target computers 1a to 
1n as computer terminals, any component included in the 
customer network, including the network server 17, Web 
server 16 or hardware components such as a printer server 
and printer (not shown) may be a "target computer." 

An agent associated with a target computer interrogates 
the target computer for system information. The agent may 
be implemented using a polling-only approach, in which the 
agent periodically interrogates the target computer system 
for information, an interrupt-based approach, in which the 
agent interrogates the target computer when an extraordi- 
nary event occurs, or a hybrid or any other approach. 

In an interrupt-based embodiment of the invention, the 
agent may maintain thresholds for measuring various system 
parameters during the interrogation process. The agent may 
transmit an error message when a measured system param- 
eter exceeds a threshold or some other extraordinary event 
occurs. Particularly in heterogeneous networks of target 
computer systems having different operating systems or 
software platforms, the agent may be written in Java or 
another platform-independent language to maximize port- 
ability between target computer systems. A Java embodi- 
ment of the agent may employ remote method invocation 
(RMI). Other embodiments may employ another remote 
procedure call method of communication to execute target 
computer system invocation. 

Embodiments of the agent may adapt to specific charac- 
teristics of a target computer system with which it is 
associated. For example, the agent may adjust its threshold 
values to conform to system load requirements. The agent 
may also be changed by input from a target computer user 
(including a network system administrator) through the 
management tool GUI or through the addition of "plug-ins" 
from the control server 4. A plug-in may be a software 
instruction(s) which can be added to the agent process to 
alter the way in which the agent interrogates the target 
computer system. For example, a plug-in or user input may 
instruct the agent to look for a new file associated with a 
newly-introduced software package, reset threshold values 
or define a combination of conditions as a new error. The 
types of plug-ins added to an agent may depend on the 
purpose of the target computer 1a to 1n being monitored by 
the agent and the software running on that target computer 
1a to 1n. The control server 4 may update the agent plug-ins 
as the target computer environment, host environment or 
control server environment changes. 
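
The threshold checks and plug-in changes described in the two paragraphs above, as an added Python sketch (not code from the patent). The Agent class, the tuple layout used for a plug-in, the parameter names and the file path are all assumptions made for this example; a plug-in is modelled as a short list of declarative instructions, limited to the three kinds of change the text names.

```python
from dataclasses import dataclass, field


@dataclass
class Agent:
    """Hypothetical agent state; field names are assumptions for this example."""
    thresholds: dict = field(default_factory=dict)       # parameter -> limit
    watched_files: set = field(default_factory=set)      # files to look for
    combined_errors: dict = field(default_factory=dict)  # error name -> parameters

    def apply_plugin(self, plugin):
        """Apply a plug-in given as a list of (operation, *arguments) tuples.

        Only the three changes the text names are accepted. Changes are staged
        on copies, so a rejected plug-in leaves the agent exactly as it was.
        """
        thresholds = dict(self.thresholds)
        watched = set(self.watched_files)
        combined = dict(self.combined_errors)
        for op, *args in plugin:
            if op == "reset_threshold":
                name, value = args
                thresholds[name] = float(value)
            elif op == "watch_file":
                (path,) = args
                watched.add(path)
            elif op == "define_error":
                name, params = args
                missing = [p for p in params if p not in thresholds]
                if missing:
                    raise ValueError(f"no threshold set for {missing}")
                combined[name] = tuple(params)
            else:
                raise ValueError(f"unsupported plug-in operation: {op!r}")
        self.thresholds = thresholds
        self.watched_files = watched
        self.combined_errors = combined

    def interrogate(self, measured, files_present):
        """Return the messages one interrogation pass would send."""
        exceeded = {name: measured[name]
                    for name, limit in self.thresholds.items()
                    if name in measured and measured[name] > limit}
        messages = [f"error: {name}={value} exceeds {self.thresholds[name]}"
                    for name, value in sorted(exceeded.items())]
        # A combined error fires only when every listed parameter is over its limit.
        for name, params in sorted(self.combined_errors.items()):
            if all(p in exceeded for p in params):
                messages.append(f"error: {name} ({' and '.join(params)})")
        for path in sorted(self.watched_files & set(files_present)):
            messages.append(f"found: {path}")
        return messages


def demo():
    """Run the same constructed sample before and after a plug-in arrives."""
    agent = Agent(thresholds={"cpu_pct": 90.0, "mem_pct": 85.0})
    measured = {"cpu_pct": 88.0, "mem_pct": 83.0}   # constructed readings
    files = {"/opt/newpkg/newpkg.conf"}             # constructed path
    before = agent.interrogate(measured, files)
    agent.apply_plugin([
        ("reset_threshold", "cpu_pct", 80),
        ("reset_threshold", "mem_pct", 80),
        ("define_error", "resource_exhaustion", ["cpu_pct", "mem_pct"]),
        ("watch_file", "/opt/newpkg/newpkg.conf"),
    ])
    after = agent.interrogate(measured, files)
    return before, after


if __name__ == "__main__":
    for label, msgs in zip(("before", "after"), demo()):
        print(label, msgs)
```

The same `interrogate` call serves a polling-only agent (called on a timer) and an interrupt-based one (called when an event arrives); only the trigger differs.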

The agent transmits target computer system information 
in a communications network 14 over network connection 
6c. The information is received at the control server 4 over 
network connection 15. The communications network 14 
can be any type of public communications network (e.g., the 
Internet or a dedicated channel in a public switched tele- 
phone network), private communications network (e.g., a 
LAN, WAN or MAN) or a hybrid of public and private 
communications networks. Where a public network is used, 
communications between the control server 4, the commu- 
nications network 14 and customer network components 
connected [...] 
to any data communication protocol [...] 
of communications network 14 chosen. For example, where 
the Internet serves as the communications network 14, 
information may be transmitted according to the TCP/IP 
protocol. Like customer network communications link 3, 
network connections 6a, 6b, 6c and 15 may consist of wire 
line or wireless connections. In a heterogeneous network of 
target computers and customer networks using different 
operating systems or software platforms, communication 
between agents and the control server 4 through the com- 
munications network 14 can be in the form of procedure 
calls or, in a Java-based embodiment of the agent, remote 
method invocation. Other embodiments may employ differ- 
ent communication protocols such as CORBA or JINI. 

To reduce the amount of information communi- 
cated between the agent and the control server 4, the control 
server 4 may store target computer system information 
received from the agent in a customer information base 
(CIB) 5. The agent associated with a target computer may 
then update the information stored in the CIB 5 for that 
target computer either periodically (for example, in a 
polling-only agent embodiment) or as changes to the target 
computer system are detected (for example, in an interrupt- 
based agent embodiment). In this embodiment, the amount 
of information communicated by an agent to the control 
server in each transmission may be lessened if each message 
consists only of changed information and/or user queries. 
Furthermore, in such an embodiment, alert information can 
be selectively sent by the control server 4 to only those 
agents associated with affected target computer systems. The 
CIB 5 typically stores system information for all target 
computer systems with agents that communicate with the 
control server 4 over the communications network 14. 
Control server 4 sends information to and retrieves infor- 
mation from CIB 5 over communication link 7. Communi- 
cation link 7 may consist of electrical connections internal to 
a computer, telephone lines, coaxial cables or wireless 
systems. The CIB 5 may also contain billing or subscription 
information for a particular customer. The control server 4 
may access this subscription or billing information periodi- 
cally or with each communication to the agent to determine 
the type of operating system the customer is using, to assess 
whether the customer is up-to-date on payments or to 
transmit billing information to the agent. 

The control server 4 also communicates with the knowl- 
edge base (KB) 8 over communication link 9. Software 
information 11 is collected from various sources and used to 
update KB 8. In an embodiment of the invention, software 
information 11 is automatically collected from sources 
known to have useful information. In other embodiments, 
the software information may be collected manually. The 
automatically collected information is then evaluated, ana- 
lyzed for importance and formatted before being used to 
update KB 8. Sources of software information 11 include, 
among other things, software vendors, public bulletin boards 
and customer feedback. Customer feedback information 
may be automatically collected by agents 2a to 2m and 
transmitted to the control server. In one embodiment, the KB 
8 consists of several databases, each containing software, 
hardware and systems information specifically relevant to a 
particular operating system (e.g., Windows, Unix, Linux or 
Apache) or software component (e.g., software components 
produced by Oracle or Microsoft). If a customer network 
used the Linux operating system, for example, the customer 
may subscribe to only the Linux database in the KB 8 and 
the control server may search only that database for software 
or hardware information. 

The control server 4 may include an alert engine 12. The 
alert engine 12 may monitor the KB 8 and/or update 
information transmitted to the KB 8 to determine when an 
alert should be issued to agents communicating with the 
control server 4. In the embodiment shown in FIG. 1, the 
alert engine 12 transmits the alert message through the 
control server 4 and its network connection 15. The alert 
engine 12 may transmit a general alert message to all agents. 
In this embodiment, each agent may be responsible for 
determining if the alert message is relevant to the associated 
target computer system 1a to 1n. Alternatively, the alert 
engine 12 may transmit the alert message to only those 
agents associated with affected target computer systems. In 
this embodiment, the alert engine 12 may determine which 
agents are associated with affected target computer systems 
by reviewing information in the customer information base 
5. 

The control server 4 may also access information in the 
KB 8 to determine when new software packages are avail- 
able to customers. Upon finding that a new software package 
is available, the control server 4 may send a general message 
to all agents communicating with the control server 4 that 
the software package is available. Alternatively, the control 
server 4 may send a message that the software package is 
available to only those agents whose target computer sys- 
tems are compatible with the new software package. 
Furthermore, the control server 4 may send a plug-in to all 
agents or selected agents to look for files associated with the 
new software package during the process of interrogating 
associated target computer systems. 

The agent may be implemented as a continuously running 
background process such as a daemon on a UNIX-based 
system or a service on a Windows NT-based system residing 
on a target computer. The process launches when the target 
computer system reboots. An agent may be multi-threaded 
to perform several operations at once, e.g., monitor software 
and processes, listen for software configuration and alert 
messages from the control server 4 and transmit information 
to the management tool, control server 4, or KB 8. Both the 
agent and software components of the control server 4 may 
be written in Java script for portability and flexibility in 
communication with agents functioning on various plat- 
forms. 

A user query may be submitted to the control server 4 
either through the management tool GUI (not shown) and 
the agent or, alternatively, directly from the user through a 
Web browser (not shown) and the Web server 16. For 
example, a user may request information on how installing 
a new software package or removing an existing software 
package on the existing target computer system would affect 
other software applications and hardware components exist- 
ing in the target computer system or customer network. A 
user query may also be sent to determine whether upgraded 
versions of software packages are available and compatible 
with the target computer system. 

FIG. 2A shows a flow diagram of the information trans- 
mission process in an embodiment of the agent. In decision 
block 100, triggering inputs may be received by the agent 
from the target computer system itself, from the manage- 
ment tool GUI (i.e., from the user) or from the control server 
4. Examples of triggering inputs from the target computer 
system include a set number of clock pulses in a system 
where the agent periodically transmits target computer sys- 
tem information to the control server 4 in a polling-only 
agent embodiment. Alternatively, in an interrupt-based agent 
embodiment where the control server 4 maintains target 
computer system information and is informed by the agent 
upon a change being made to the target computer system, a 
triggering input may include a change in the configuration of 
the target computer system. An example of a triggering input 
from the management tool GUI may be a query as to the 
effect of upgrading a particular software package on the 
target computer system. A triggering input from the control 
server may be a ping request for target computer system 
information. 

In response to such triggering inputs, the agent interro- 
gates the target computer system for information (step 102). 
The information collected from the interrogation process 
may include, among other things, information related to 
software or hardware configuration information, software or 
hardware specification information, software or hardware 
diagnostic information, software or hardware history infor- 
mation and software or hardware frequency of use informa- 
tion. Specific examples of system information may include 
the type of operating system being used by the target 
computer system, the number and types of software appli- 
cations and hardware components available to the target 
computer system and the location of electronic files associ- 
ated with such software applications or hardware 
components, specifications (e.g., file or buffer size, memory 
requirements, hardware operational characteristics) for such 
software applications or hardware components, system diag- 
nostic information, and software or hardware frequency-of- 
use statistics. Commonly, a software application, device 
driver or operating system will already have functions 
designed to collect such information. For example, in Unix- 
based systems, the "finger" command allows a user to 
retrieve information about users logged in to the system, the 
"ping" command allows a user to determine the status of 
another system, and the "ps" command provides the user 
with information about the status of processes running on 
the system. An agent enters commands and searches diagnos- 
tic and configuration files to select, from the resulting 
information, pertinent target computer system information. 
The agent executes an interrogation script of function calls 
and file searches. 

In an embodiment in which the control server maintains 
target computer system information updated by agent trans- 
missions only when target computer system information 
changes, step 104 may initiate transmission of a message to 
the control server at step 106 if the agent compares past 
stored target computer system information with target com- 
puter system information collected from the most recent 
interrogation and finds that the two information sets do not 
match. In this case, the agent would update the control 
server's stored target computer system information. 
Alternatively, in an embodiment in which the control server 
4 does not store target computer system information and the 
agent periodically updates the control server 4, step 104 
initiates transmission of a message to the control server at 
step 106 if the required number of clock pulses had been 
received since the last transmission from the agent to the 
control server. In yet another embodiment, the agent may 
transmit a message to the control server 4 at step 106 if in 
step 104 the agent determines that an anomaly exists in the 
target computer system. The agent may discover an anomaly 
where, for example, the agent tracks target computer system 
resources (e.g., disk space, disk I/O, or memory utilization) 
by collecting real-time data measuring these resources and 
screens the data for symptomatic conditions, i.e., conditions 
that indicate that an anomaly may exist. For example, the 
agent may monitor memory availability and CPU utilization 
to detect that additional memory should be provided. The 
symptomatic conditions may be defined and/or updated by 
the control server. The agent may then transmit a message 
containing target computer system information relevant to 
the anomaly for diagnosis by the control server 4. 

Step 106 entails the agent transmitting a message con- 
taining target computer system information to the control 
server 4 through the communications network. The agent 
may translate the information into a form usable by the 
control server 4 or a form suitable for transmission. For 
example, the agent may transmit the information according 
to the TCP/IP communication protocols. 

FIG. 2B shows a flow diagram of the agent's process for 
receiving information from the control server. According to 
an embodiment of the present invention, information 
received by the agent from the control server 4 may include 
alert information and responses to user queries. Alert infor- 
mation may be broadcast to all agents or selectively trans- 
mitted to agents for whom the alert information is relevant. 
In an example of the latter embodiment, an alert message 
indicating that a particular software package was susceptible 
to a buffer overrun attack may be transmitted to only 
selected agents associated with target computer systems that 
have or use that software package, or for which that software 
package would be an upgrade. Two examples of user queries 
include requests for information on the effect on the target 
computer system of upgrading, installing or removing a 
software package, and the availability of upgraded versions 
of software packages currently used by the target computer 
system. 

When the agent receives information from the control 
server 4, as determined at step 200, the agent determines if 
the information is related to the target computer system at 
step 202. Step 202 may be employed in embodiments of the 
invention in which the control server 4 transmits general 
messages to the agents without regard to the target computer 
systems to which they are associated. An example of this 
embodiment is a system in which the control server sends a 
general alert message to all agents on the network about a 
particular software package and each agent determines 
whether that alert message is applicable to its associated 
target computer system(s). To make this decision, an agent 
may examine the incoming message to determine the subject 
software package(s), and review stored or collected target 
computer system information to determine if any of the 
same software packages are or have been used by the 
system. If the message from the control server is not related 
to the target computer system, the message is ignored and 
the agent waits for the next message from the control server 
4 to be received. 

If the message is related to the target computer system, the 
agent determines whether the information is to be sent to the 
user in step 204. Some messages received from the control 
server 4 may not require the user's attention or action. For 
example, the control server may send the agent an updated 
plug-in that changes how the agent interrogates the target 
computer system in a way completely transparent to the user. 
In this case, step 204 initiates the action required by the 
message as shown at step 206. Other messages, e.g., alert 
messages, responses to user queries and unsolicited upgrade 
availability information, may be brought to the attention of 
the user. In this case, step 204 initiates the presentation of 
relevant information to the user, either through the manage- 
ment tool GUI, electronic mail, a printed report or some 
other form, at step 208. In some cases, user input may be 
required for further action. For example, in response to a 
user query asking about the effects of installing a particular 
software application on the target computer system, the 
control server 4 may respond with a message saying that a 
particular software patch must be installed to resolve con- 
flicts between the software package to be installed and 
software packages already available on the target computer 
system. Upon receiving this type of message, the agent's 
communication to the user may include an option for the 
user to reply with an instruction to download and install the 
software patch when the primary software package is 
installed. In that case, after communicating the relevant 
information to the user, the agent would proceed to block 
210 and would perform these download and installation 
functions if instructed to do so by the user. In another 
example, where a user query as to the availability of an 
upgrade for an existing software package results in the 
control server transmitting a response message to the control 
server that such an upgrade is available, the agent's com- 
munication to the user may include options to install the 
upgrade, remove the existing software package, or both. 

FIG. 3 shows a set of sample records in the Knowledge 
Base (KB). KB database records may include the name of 
the software package or hardware component to which the 
information pertains, the type of information contained in 
the record, and the information itself. For example, for 
record 301, the software/hardware element 301a is 
"Microsoft Outlook," meaning that the entry relates to 
Microsoft Outlook, a commonly used software package 
including electronic mail, address book and calendaring 
functions. The database may index records by associated 
software/hardware elements. The control server 4 may then 
access records in the database through indexes to hardware/ 
software elements. The record type element 301b designates 
the record as of the "R" type, meaning that the information 
contained relates to software or hardware requirements of 

[...] 

software package or hardware component. FIG. 4 illustrates 
a typical dependency tree for software package A 401. 
Software package A 401 is directly dependent on software 
package B 402 and hardware package C 403. Software 
package B 402 is in turn directly dependent on software 
package D 404. In this situation, software package A 401 is 
indirectly dependent on software package D 404. In an 
embodiment of the present invention, the dependency 
checking function is performed recursively so that a depen- 
dency check for software package A 401 will identify the 
direct dependencies on software package B 402 and hard- 
ware package C 403 as well as the indirect dependency on 
software package D 404. The dependency check may be 
performed by first querying the KB for records related to 
software package A 401. The results of this query will reveal 
the direct dependencies on software package B 402 and 
hardware component C 403. The KB can then be queried for 
records related to software package B 402, revealing the 
indirect dependency on software package D 404. The KB 
also [...] for records related to hardware component [...] 
further dependencies. 

The software and hardware management services 
described above may be provided to subscribing customers 
for a fee. The services may be provided separately or 
bundled together. For example, a customer may choose to 

the software package or hardware component to which the subscribe to all services except the alert service (i.e. chooses 

record pertains, here Microsoft Outlook. The information not to receive alert messages from the control server), 

element 301c completes the information stored in the record. a customer may subscribe to receive services based on 

Therefore, as read by the control server, record 301 would 3Q the particular KB relevant to the customer network's oper- 

mean that Microsoft Outlook requires at least X MB of total " atmg S y S tem or software components (e.g., Apache or 

RAM to execute properly. The control server would then Oracle) Therefore, KB 8 may actually comprise multiple 

compare this requirement information with target computer databases, each containing information particular to target 

system information to determine if the target computer computer systems using a different operating system or 

system satisfies the requirement. 35 various software components. In such an embodiment, a 

Record 303 shows how a software dependency relation- customer operating a network based on the Linux operating 

ship can be represented in a requirement-type record. The system may subscribe to the Linux KB. User queries from 

information element 303c indicates that Microsoft Outlook the customer may then be answered based on information 

will not execute properly unless the target computer system contained in the Linux KB only, and only alert information 

also has "Microsoft Windows version Y or above." If the 40 related to Linux-based systems would be sent to the agent(s) 

control server 4 discovers that the target computer system associated with the customer's target computer systems, 

does not have Microsoft Windows or that its version of Furthermore, in the preferred embodiment, payment status 

Microsoft Windows is older that version Y, the control server information, billing and subscription about the customer is 

4 may execute additional searches to determine if upgraded stored in the CIB 5. For example, this information may relate 

versions of Microsoft Windows are available and compatible A5 to services to which the customer has subscribed, to which 

with the target computer system. operating system-specific KB database the customer has 

Record 305 shows a conflict-type record, as indicated by subscribed, to whether the customer has chosen periodic or 

the record type element "C. This record indicates that transactional billing or to whether the customer has an 

Microsoft Outlook conflicts with Application A. The control unpaid outstanding balance. Therefore, control server 4 may 

server 4 would then determine if Application A existed in the 50 query CIB 5 about customer status information before 

target computer system. Conflict-type records may contain sending an agent in the customer network information 

more detailed information on the nature of the conflict and retrieved from KB 8. 

instructions for avoiding conflict problems or software In an embodiment of the method of providing system 

patches. For example, the information element for a conflict- management services to a network of target computers in 

type record may specify that the piece of software in the 55 which the communications network 14 is a public network 

software/hardware element writes over particular files ere- suc h as the I nternet, the method may also include steps for 

ated by a specified software application. ^BBsu5fn^Tnat communications between the control server 

Record 307 shows an alert-type record, as indicated by the and agents associated with the customer network are secure 

record type element "A". This record indicates that and uncorrupted. In the se emb odiments, the customer may 

Microsoft Outlook 98 is susceptible to a Z virus attack. The 60 be assigned a uniquetid^^^^^^^^dgagasswo^ or cryp- 
control server (through the alert engine) may generally ^Jojiragjjj^cey. 

broadcast an appropriate alert message or selectively broad-^^^Tnanother embodiment of the present invention in which 

cast an alert message only to agents associated with target the control server stores target computer system information 

computer systems on which Microsoft Outlook 98 is in a CIB, information in the CIB may be collected and 

installed. 65 provided to interested parties, such as network service 

A software package or hardware component may be either providers and software vendors. The information sold may 

directly dependent or indirectly dependent upon another be in the form of demographic information, i.e., information 






US 6,529,784 B1






that reflects target computer system information for a plu- 
rality of subscribers in the aggregate rather than referring to 
target computer system information for each subscriber 
individually. An example of demographic information that 
may be collected from the CIB and provided to interested 
parties is the percentage or number of subscribers using 
particular operating systems, software packages or hardware 
components. Alternatively, the interested party may be pro- 
vided with information identifying particular subscribers, 
e.g., that a particular subscriber uses a Windows-based 
operating system. Interested parties may be required to pay 
a fee to receive collected information. Moreover, each 
subscriber may be asked for permission to provide target 
computer system demographic or individual information 
related to that subscriber to an interested party. 
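
The Knowledge Base lookup of FIG. 3 and the recursive dependency check of FIG. 4, described above, can be worked through in code. The following Python is an added example, not code from the patent: the record field names (depends_on, min_ram_mb, conflicts_with, alert), the shape of the agent-reported target information, and all package names and values are assumptions constructed for illustration, including a deliberate cycle in the KB data to show why the recursion must track visited items.

```python
from collections import defaultdict

# Constructed KB rows in the shape FIG. 3 describes: element, record type, information.
# "R" = requirement, "C" = conflict, "A" = alert. Names and values are made up.
KB_ROWS = [
    ("Package A", "R", {"depends_on": "Package B"}),
    ("Package A", "R", {"depends_on": "Component C"}),
    ("Package A", "R", {"min_ram_mb": 64}),
    ("Package A", "C", {"conflicts_with": "Application X"}),
    ("Package B", "R", {"depends_on": "Package D"}),
    ("Package D", "R", {"depends_on": "Package B"}),  # deliberate cycle (bad KB data)
    ("Package D", "A", {"alert": "susceptible to Z virus"}),
]


def index_kb(rows):
    """Index records by software/hardware element, as the text says the database may."""
    index = defaultdict(list)
    for element, rtype, info in rows:
        index[element].append((rtype, info))
    return index


def direct_deps(index, element):
    """One KB query: the items `element` depends on directly."""
    return [info["depends_on"] for rtype, info in index.get(element, [])
            if rtype == "R" and "depends_on" in info]


def dependency_closure(index, root):
    """Recursive dependency check; returns {item: 'direct' | 'indirect'}."""
    found = {}

    def visit(element, kind):
        # Skip items already recorded so a cycle in the KB cannot recurse forever.
        new = [d for d in direct_deps(index, element) if d != root and d not in found]
        for dep in new:
            found[dep] = kind
        for dep in new:
            visit(dep, "indirect")

    visit(root, "direct")
    return found


def assess_install(index, package, target):
    """Control-server side: effect of installing `package` on one target system.

    `target` is agent-reported system information in an assumed shape:
    {"installed": set of element names, "ram_mb": int}.
    """
    deps = dependency_closure(index, package)
    report = {"conflicts": [], "unmet": [], "alerts": []}
    report["missing"] = sorted(d for d in deps if d not in target["installed"])
    for element in [package, *deps]:
        for rtype, info in index.get(element, []):
            if rtype == "R" and "min_ram_mb" in info:
                if target["ram_mb"] < info["min_ram_mb"]:
                    report["unmet"].append(f"{element} needs {info['min_ram_mb']} MB RAM")
            elif rtype == "C" and info.get("conflicts_with") in target["installed"]:
                report["conflicts"].append((element, info["conflicts_with"]))
            elif rtype == "A":
                report["alerts"].append((element, info["alert"]))
    report["ok"] = not (report["missing"] or report["conflicts"] or report["unmet"])
    return report


def agents_to_alert(index, inventories):
    """Selective broadcast: only agents whose inventory holds an element with an 'A' record."""
    selected = {}
    for agent_id, installed in inventories.items():
        hits = [(element, info["alert"]) for element in sorted(installed)
                for rtype, info in index.get(element, []) if rtype == "A"]
        if hits:
            selected[agent_id] = hits
    return selected


INDEX = index_kb(KB_ROWS)
TARGET = {"installed": {"Package B", "Application X"}, "ram_mb": 32}  # constructed
INVENTORIES = {"agent-1": {"Package D"}, "agent-2": {"Package B"}}    # constructed

if __name__ == "__main__":
    print(dependency_closure(INDEX, "Package A"))
    print(assess_install(INDEX, "Package A", TARGET))
    print(agents_to_alert(INDEX, INVENTORIES))
```
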

While the description above refers to particular embodi- 
ments of the present invention, it should be readily apparent 
to people of ordinary skill in the art that a number of 
modifications may be made without departing from the spirit 
thereof. The accompanying claims are intended to cover 
such modifications as would fall within the true spirit and 
scope of the invention. The presently disclosed embodi- 
ments are, therefore, to be considered in all respects as 
illustrative and not restrictive, the scope of the invention 
being indicated by the appended claims rather than the 
foregoing description. All changes that come within the 
meaning of and range of equivalency of the claims are 
intended to be embraced therein. 

What is claimed is: 

1. A method of determining an effect of at least one action 
selected from installing, removing and upgrading a first 
software package on a target computer system memory, the 
method comprising: 

receiving target computer system information from an 
agent; 

accessing a database of information related to a plurality 
of software packages; 

selecting from the database information related to the 
target computer system information and the first soft- 
ware package; 

determining the effect of the action on the target computer 
system based on the target computer system informa- 
tion received and the information selected from the 
database; and 

transmitting a message to the agent informing the agent of 
the effect of the action. 

2. The method of claim 1, further comprising performing 
the action on the target computer. 

3. The method of claim 1, further comprising sending a 
second message to a user, wherein said second message is 
related to the message transmitted to the agent. 

4. The method of claim 1, further comprising instructing 
a user on procedures for performing the action. 

5. The method of claim 1, wherein the software package 
is one of a software patch and a software upgrade. 

6. The method of claim 2, further comprising changing 
target computer system information to reflect that the action 
was performed. 

7. A method of recursively checking the dependency of a 
software package, the method comprising: 

identifying a first item upon which the software package 
depends directly; 

identifying a second item upon which the software pack- 
age depends indirectly; 

repeating the steps of identifying the first item and iden- 
tifying the second item until substantially all items 
upon which the software package depends have been 
identified.

8. A method for correcting a target computer system
anomaly, the method comprising: 

by an agent, collecting target computer system resource 
data; 

by an agent, screening the target computer system 
resource data for symptomatic conditions; 

by a control server, diagnosing the anomaly based on the 
symptomatic conditions; and 

informing a user of at least one possible cause for the 
anomaly. 

9. A method for correcting a target computer system 
anomaly according to claim 8, further comprising transmit- 
ting information related to the diagnosed anomaly from the 
control server to the agent. 

10. A method for correcting a target computer system 
anomaly according to claim 8, further comprising informing 
a user of a procedure for correcting the anomaly. 

11. A method of correcting a target computer system 
anomaly according to claim 9, wherein the symptomatic 
conditions are updated by the control server. 

12. A method of warning a user of information related to 
the software configuration of a target computer, the method 
comprising: 

receiving target computer system information from an 
agent; 

accessing stored software information related to the sys- 
tem information received; 

determining whether the accessed stored software infor- 
mation is critical to the operation of the target com- 
puter; and 

transmitting an alert message to the agent based on a 
determination that the accessed stored software infor- 
mation is critical to the operation of the target com- 
puter. 

13. The method of claim 12, further comprising updating 
stored software information periodically. 

14. The method of claim 12, further comprising receiving 
proposed target computer system change information. 

15. A computer readable medium having computer read- 
able instructions encoded thereon for: 

interrogating a target computer system for target com- 
puter system information representative of a target 
computer system configuration; 

transmitting target computer system information or a 
portion thereof to a control server; 

receiving instructions from a control server for modifying 
target computer system information; and 

modifying target computer system information, wherein 
the control server accesses information contained in a 
database of software information based on the trans- 
mitted target computer system information. 

16. The computer readable medium of claim 15, wherein 
the target computer system is interrogated periodically. 

17. The computer readable medium of claim 15, wherein 
the target computer system is interrogated upon a user 
request. 

18. The computer readable medium of claim 15, wherein 
the target computer system is interrogated upon receipt of a 
signal indicating that the target computer system configu- 
ration has changed. 

19. The computer readable medium of claim 15, wherein 
transmission of target computer system information is per- 
formed through a communications network. 

20. The computer readable medium of claim 19, wherein 
the communications network is the Internet.

21. The computer readable medium of claim 15, wherein
the computer readable instructions are a continuously 
executed process. 

22. A computer readable medium having computer read- 
able instructions encoded thereon for: 

receiving target computer system information related to a 
target computer system; 

interpreting target computer system information to 
retrieve related information from a memory containing 
information related to at least one software package 
hosted on the target computer system; and 

transmitting information based on the information 
retrieved from the memory to an agent associated with 
the target computer system. 

23. The computer readable medium of claim 22, the 
computer readable instructions encoded therein further for 
translating information retrieved from the memory into a 
form usable by the agent associated with the target com- 
puter. 

24. The computer readable medium of claim 22, wherein 
the information transmitted to the agent is alert information. 

25. The computer readable medium of claim 24, further 
wherein the alert information is not based on target computer 
system information. 

26. The computer readable medium of claim 24, further 
wherein the alert information is specific to the target com- 
puter system information. 

27. A computer readable medium having computer read- 
able instructions encoded thereon for: 

measuring target computer system information; 

determining when a measured target computer system 
parameter exceeds a threshold value; 

transmitting target computer system information to a 
server in a system for managing a plurality of comput- 
ers; 

setting a threshold value based on measured target com- 
puter system information. 

28. The computer readable medium of claim 27, wherein 
the server is a control server. 

29. The computer readable medium of claim 27, wherein 
the server is a network server. 

30. The computer readable medium of claim 27, wherein 
the server is a Web server. 

31. A method of providing system management services 
to a network of target computers, the method comprising: 

enrolling customers to receive computer system manage- 
ment services for a customer network, the customer 
network having a target computer system; 

monitoring the customer network through an agent; 

receiving target computer system information from the 
agent; 

accessing information related to the target computer sys- 
tem information from a database containing software 
and hardware information; 

transmitting the accessed information to the customer. 

32. The method of providing system management ser- 
vices to a network of target computers of claim 31, further 
comprising determining the type of operating system being 
used by the target computer system and wherein the database 
contains information specific to the operating system. 

33. The method of providing system management ser- 
vices to a network of target computers of claim 31, further 
comprising verifying that the customer is enrolled prior to 
transmitting target computer system information to the cus- 
tomer. 



34. The method of providing system management ser- 
vices to a network of target computers of claim 31, further 
comprising assigning a unique identification code to the 
customer. 

35. The method of providing system management ser-
vices to a network of target computers of claim 31, further
comprising assigning a unique password to the customer.

36. The method of providing system management ser-
vices to a network of target computers of claim 31, further
comprising billing the customer for computer system man-
agement services received.

37. The method of providing system management ser-
vices to a network of target computers of claim 31, further
comprising collecting a subscription fee from the customer
for computer system management services to be received.

38. The method of providing system management ser-
vices to a network of target computers of claim 31, wherein
the customer may select which computer system manage-
ment services to receive from a plurality of offered computer
system management services.

39. The method of providing system management ser-
vices to a network of target computers of claim 38, further
comprising charging the customer a fee related to the
computer system management services selected.

40. The method of providing system management ser-
vices to a network of target computers of claim 31, wherein
the agent is intelligent.

41. The method of providing system management ser-
vices to a network of target computers of claim 31, wherein
the agent is updated by transmitting plug-ins to the agent.

42. A method of providing a management service to at 
least one subscriber, the at least one subscriber having at 
least one target computer system having a hardware con- 
figuration and a software configuration, the software con- 
figuration including one or more computer programs hosted 
on the target computer system, the method comprising: 

maintaining a database accessible by a control server, the 
database associating each of a plurality of computer 
programs with one of requirement information and 
conflict information; 
hosting an agent process on at least one target computer 
system of the at least one subscriber responsive to 
subscriber queries; 
at the agent process, detecting a subscriber query related 
to a proposed change in the software configuration of at 
least one of the target computer systems of the at least 
one subscriber; 
transmitting data representative of the query from the 
agent to the control server in a communication link, at 
least a portion of the communication link including a 
public data communication network; 
at the control server, receiving the data representative of 
the query and determining an impact of the proposed 
change in the software configuration of the at least one 
target computer system based upon at least one of 
requirement information and conflict information in the 
database associated with at least one computer program 
of the software configuration of the target computer; 
and 

transmitting data representative of the impact from the 
control server to the agent process through the com- 
munication link. 

43. The method of claim 42, wherein the public data 
communication network includes the Internet. 

44. The method of claim 42, wherein the proposed change 
to the software configuration includes adding one or more
computer programs to the software configuration of the at
least one target computer system of the at least one sub- 
scriber and the method further includes determining the 
impact of the proposed change based upon the requirement 
information associated with the proposed addition of the
computer program. 

45. The method of claim 42, wherein the proposed change 
to the software configuration includes removing one or 
more software program from the software configuration
and the method further includes determining the impact of
the proposed change based upon whether any other software 
program of the software configuration depends on the soft- 
ware program proposed for removal. 

46. A method of providing a management service to a 
plurality of subscribers, each subscriber having at least one 
target computer system having a hardware configuration and
a software configuration, the software configuration includ- 
ing one or more computer programs hosted on the target 
computer system, the method comprising: 

maintaining a database accessible by a control server, the 
database associating each of a plurality of computer
programs with one of requirement information and 
conflict information; 

hosting an agent process on at least one target computer 
system of each subscriber responsive to subscriber 
queries;

at the agent process, detecting a subscriber query related 
to a proposed change in the software configuration of at 
least one of the target computer systems; 

transmitting data representative of the query from the 
agent to the control server in a communication link, at
least a portion of the communication link including a
public data communication network; 

at the control server, receiving the data representative of 
the query and determining an impact of the proposed
change in the software configuration of the at least one 
target computer system based upon at least one of 
requirement information and conflict information in the 
database associated with at least one computer program 
of the software configuration of the target computer;
and 

transmitting data representative of the impact from the 
control server to the agent process through the com- 
munication link. 

47. A method of providing a management service to at
least one subscriber, the at least one subscriber having at 
least one target computer system having a hardware con- 
figuration and a software configuration, the software con- 
figuration including one or more computer programs hosted 
on the target computer system, the method comprising:

hosting an agent process on at least one target computer 
system of the at least one subscriber for monitoring at 
least one of the software configuration and hardware 
configuration of each target computer system of the 
subscriber;

at the agent process, detecting an event or condition 
related to the hardware or software configuration of at 
least one of the target computer systems of the at least 
one subscriber indicative of an impact of performance 
of the at least one target computer system;

transmitting data representative of the detected event or 
condition from the agent to a control server in a 
communication link, at least a portion of the commu- 
nication link including a public data communication 
network;

at the control server, receiving the detected event or
condition and determining a course of action including
a change in one of the software configuration and
hardware configuration of the at least one target com- 
puter system of the subscriber; and 
transmitting data representative of the course of action 
from the control server to the agent process through the 
communication link to initiate the course of action at 
the agent process. 

48. The method of claim 47, wherein the public data 
communication network includes the Internet. 

49. The method of claim 47, wherein the step of trans- 
mitting data representative of a course of action further 
includes transmitting data representative of one of a soft- 
ware patch and an updated version of a computer program 
of the software configuration of the at least one target 
computer system. 

50. The method of claim 47, wherein the step of detecting 
an event or condition related to the hardware or software 
configuration of at least one of the target computer systems 
further includes one of monitoring configuration files of the 
at least one of the target computer systems and polling the at
least one of the target computer systems. 

51. A method of providing a management service to a 
plurality of subscribers, each subscriber having at least one 
target computer system having a hardware configuration and 
a software configuration, the software configuration includ- 
ing one or more computer programs hosted on the target 
computer system, the method comprising: 

hosting an agent process on at least one target computer 
system of each subscriber for monitoring at least one of 
the software configuration and hardware configuration 
of each target computer system of the subscriber; 

at the agent process, detecting an event or condition 
related to the hardware or software configuration of at 
least one of the target computer systems of the sub- 
scriber indicative of an impact of performance of the at 
least one target computer system; 

transmitting data representative of the detected event or 
condition from the agent to a control server in a 
communication link, at least a portion of the commu- 
nication link including a public data communication 
network; 

at the control server, receiving the detected event or 
condition and determining a course of action including 
a change in one of the software configuration and 
hardware configuration of the at least one target com- 
puter system of the subscriber; and 

transmitting data representative of the course of action 
from the control server to the agent process through the 
communication link to initiate the course of action at 
the agent process. 

52. A method of providing a management service to at 
least one subscriber, the at least one subscriber having at 
least one target computer system having a hardware con- 
figuration and a software configuration, the software con- 
figuration including one or more computer programs hosted 
on the target computer system, the method comprising: 

maintaining a database accessible by a control server, the 
database associating each of a plurality of identified 
computer programs with conditions affecting perfor- 
mance of the computer program; 

on at least one target computer system of the at least one 
subscriber, hosting one of a plurality of agent 
processes, each of the agent processes being associated 
with one or more of the target computer systems; 

detecting changes in the conditions affecting the perfor- 
mance of at least one particular computer program 
identified in the database;

transmitting data from a control server to one or more of selected ones of the agent processes representative of a query through a communication link including a public data communication network;

transmitting data through the communication link from each of the selected agent processes, in response to the query, to the control server indicating whether the software configuration of the target computer systems associated with the selected agent include the particular computer program identified in the database; and

transmitting data from the control server to the selected agents associated with target computer systems with a software configuration having the particular computer program to initiate a change in the software configuration.

53. The method of claim 52, wherein the public data communication network includes the Internet.

54. The method of claim 52, wherein transmitting data from the control server to the selected agents includes transmitting a message to the selected agents for displaying a warning to an administrator of the subscribers.

55. A method of providing a management service to a plurality of subscribers, each subscriber having at least one target computer system having a hardware configuration and a software configuration, the software configuration including one or more computer programs hosted on the target computer system, the method comprising:

maintaining a database accessible by a control server, the database associating each of a plurality of identified computer programs with conditions affecting performance of the computer program;

on at least one target computer system of each subscriber, hosting one of a plurality of agent processes, each of the agent processes being associated with one or more of the target computer systems;

detecting changes in the conditions affecting the performance of at least one particular computer program identified in the database;

transmitting data from a control server to one or more of selected ones of the agent processes representative of a query through a communication link including a public data communication network;

transmitting data through the communication link from each of the selected agent processes, in response to the query, to the control server indicating whether the software configuration of the target computer systems associated with the selected agent include the particular computer program identified in the database; and

transmitting data from the control server to the selected agents associated with target computer systems with a software configuration having the particular computer program to initiate a change in the software configuration.

56. A computer readable medium having computer readable instructions encoded thereon for:

registering subscribers to receive computer system management services for a subscriber network, the subscriber network having a target computer system;

utilizing an agent to supervise the subscriber network;

obtaining target computer system data from the agent;

retrieving data associated to the target computer system data from a database having hardware and software data; and

making available the retrieved data to the subscriber.

57. A method of supplying system management services to a network of target computers, the method comprising:

registering subscribers to receive computer system management services for a subscriber network, the subscriber network having a target computer system;

utilizing an agent to supervise the subscriber network;

obtaining target computer system data from the agent;

retrieving data associated to the target computer system data from a database having hardware and software data; and

making available the retrieved data to the subscriber.

58. The method of providing system management services to a network of target computers of claim 57, further comprising identifying an operating system utilized by the […] and wherein […] system.

59. The method of providing system management services to a network of computers of claim 57, further comprising confirming that the subscriber is registered before making available target computer system information to the subscriber.

60. The method of providing system management services to a network of target computers of claim […], further comprising providing a unique identification code and a unique password to the subscriber.

61. The method of providing system management services to a network of target computers of claim 57, comprising invoicing and collecting a fee from the subscriber for computer system management services delivered and for future delivery of computer system management services.

62. The method of providing system management services to a network of target computers of claim 57, wherein the subscriber may choose particular computer system management services to obtain from a plurality of available computer system management services and wherein the subscriber is invoiced a fee associated with the computer system management services chosen.

63. The method of providing system management services to a network of target computers of claim 57, wherein the agent is intelligent and is updated via the sending of plug-ins.

* * * * *